Abstract
Let F n be the set of all functions from n bits to n bits. Let f n specify for each key k of a given length a function f n k ∈ F n. We say f n is pseudorandom if the following two properties hold:
-
(1)
Given a key k and an input α of length n, the time to evaluate f n k (α) is polynomial in n.
-
(2)
If a random key k is chosen, f n k “looks like” a random function chosen from F n to any algorithm which is allowed to evaluate f n k at polynomial in n input values.
Let P 2n be the set of permutations (1-1 onto functions) from 2n bits to 2n bits. Let p 2n specify for each key k of a given length a permutation p k 2n ∈ P 2n. We present a simple method for describing p 2n in terms of f n. The method has the property that if f n is pseudo-random then p 2n is also pseudo-random. The method was inspired by a study of the security of the Data Encryption Standard. This result, together with the result of Goldreich, Goldwasser and Micali [GGM], implies that if there is a pseudo-random number generator then there is a pseudo-random invertible permutation generator. We also prove that if two permutation generators which are “slightly secure” are cryptographically composed, the result is more secure than either one alone.
Chapter PDF
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1986 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Luby, M., Rackoff, C. (1986). How to Construct Pseudo-random Permutations from Pseudo-random Functions. In: Williams, H.C. (eds) Advances in Cryptology — CRYPTO ’85 Proceedings. CRYPTO 1985. Lecture Notes in Computer Science, vol 218. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39799-X_34
Download citation
DOI: https://doi.org/10.1007/3-540-39799-X_34
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-16463-0
Online ISBN: 978-3-540-39799-1
eBook Packages: Springer Book Archive